The relationship between economics, malware and piracy

The relationship between economics, malware and piracy

Today, I read a report released by the Legatum Institute where they published their 2012 Prosperity Index. In their research, they surveyed 142 countries and ranked them against eight variables: their relative Economies, Entrepreneurship & Opportunity, Governance, Education, Health, (personal) Safety & Security, Personal Freedom and Social Capital. You can read about their methodology at the link I provided. Basically, it’s a way of ranking how good it is to live in a country by ranking a number of factors based upon statistical data as well as surveys.

Here are the top twelve best countries;

Norway

Denmark

Sweden

Australia

New Zealand

Canada

Finland

The Netherlands

Switzerland

Ireland

Luxembourg

United States

Looking over that list, while some people think that their country should be higher than others, for the most part, anyone looking at that list would say “Oh, that’s a pretty good list and each of those countries deserves to be in the top spot.”

Looking over that list, unless you lived there and wanted to dispute it, it probably doesn’t surprise you that any of those countries are that far down the list.

I decided to to run a quick correlation analysis. Are countries with a lower Prosperity Index at a higher risk for malware infections? And are they at a higher risk for software piracy?

To determine this, I downloaded a copy of the 2011 BSA Global Software Piracy Study. Then I went to Microsoft’s latest Security Intelligence Report (SIR), volume 12, and looked at the Worldwide Threat Assessment. In the SIR, Microsoft has a measurement that it calls CCM, or Computers Cleaned per Thousand executions of the Malicious Software Removal Tool. They also include some telemetry from the Microsoft Security Essentials software. One execution/removal of the MSRT corresponds to a malware infection.

I then did a correlation analysis. I discarded the countries for which I had no data and then ran against each of the eight factors that make up the Prosperity Index.

The results are:

There was no wide disparity in any of the variables.

Every single one of those eight variables has a statistically significant correlation. That is to say, we never had a case where a lower Economic factor was relevant but Education was not.

Every single of one of the factors has a strong statistical correlation between the various factors in the Prosperity Index and the rate of software piracy.

If you score poorly on Economy, you have a high rate of software piracy. If you score poorly on Health, you have a high rate of software piracy.

The strongest correlation was between Entrepreneurship Scale and software piracy. The weakest (yet still strong) was between Personal Safety and software piracy.

Every single one of the factors has a medium statistical correlation between the various factors in the Prosperity Index and the rate of malware infection.

The relationship here was either medium for all variables (correlation between 0.3 and 0.6). The strongest was between Malware Infections and Personal Safety once again, while the weakest (but still medium strength) was between Malware and the Economy which surprised.

What can we make of this?

I think that the better the country you live in, the less chance there is that you will pirate software and therefore the less chance that you will experience a malware infection. Furthermore, these variables are all linked. Poor personal safety leads to poor governance, which leads to weak economies and entrepreneurship. Worse yet, there is a multiplication factor. Poor countries are mired in non-progress while wealthier countries build on what they already have.

The result is that the poor countries get further behind because they go nowhere while the wealthy countries make incremental progress. It’s tough to get out of that rut and close the gap.

I have a problem with "I think that the better the country you live in, the less chance there is that you will pirate software and therefore the less chance that you will experience a malware infection." - Pirated material is not the only source of Malware; in fact, most of the well known malware did not come from pirated material.

www.trainace.com/security

21 Nov 2012 6:29 AM

Interesting concept. I do agree with you on a very strong statement you made; "Poor countries are mired in non-progress while wealtheir countries build on what they already have." Economically successful companies are just that for a reason. In general, the people living in these countries are less concerned with personal safety and getting by day to day. These are subconscious thoughts. Where as in countries with a more depressed economic stature, there is not much time for progress. With that comes less secured networks, more pirated software, so on and so forth. Once these countries can protect themselves better, both physically and virtually, then they will be more sound.

However, the link between pirated security and malware is one which I wasn't aware of. Like the previous comment points out, pirated material is not the only source of malware. A more in depth correlation study may be helpful for linked malware into the equation.